NotPetya wreaked havoc for some large companies, costing them billions of dollars in lost revenue, damaging computer systems, and requiring significant expense to restore global operations. In its wake, entire industries reassessed their practices for patching, business continuity, supply chain interruption, and more.
Since the NotPetya event, we have learned much about the attack, but many details remain elusive. One continuing discussion for the insurance industry, however, is whether NotPetya was “warlike” – and more specifically, whether the ubiquitous war exclusion found in cyber insurance policies could have prevented coverage. A recent Wall Street Journal article described this as “a multimillion-dollar question for companies that purchase cyber insurance.”
This Marsh-authored article appears in the latest edition of the MMC Cyber Risk Handbook, (page 17) which contains Marsh & McLennan Companies’ perspectives on major developments, specific industry implications, and strategies to increase resilience.